movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-12 05:16:25 +03:00
Code Activity

nixos/tor: use RuntimeDirectory, StateDirectory (#39083)

Browse source
This commit is contained in:
Robert Schütz 2018-04-18 09:42:45 +02:00 committed by GitHub
parent f00221d0eb
commit 5bd12c694b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nixos/modules/services/security/tor.nix
View file

@ -703,14 +703,10 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
restartTriggers = [ torRcFile ]; restartTriggers = [ torRcFile ];
# Translated from the upstream contrib/dist/tor.service.in
preStart = ''
install -o tor -g tor -d ${torDirectory}/onion ${torRunDirectory}
${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config
'';
serviceConfig = serviceConfig =
{ Type = "simple"; { Type = "simple";
# Translated from the upstream contrib/dist/tor.service.in
ExecStartPre = "${pkgs.tor}/bin/tor -f ${torRcFile} --verify-config";
ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0"; ExecStart = "${pkgs.tor}/bin/tor -f ${torRcFile} --RunAsDaemon 0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
KillSignal = "SIGINT"; KillSignal = "SIGINT";
@ -725,6 +721,8 @@ in
# DeviceAllow /dev/urandom r # DeviceAllow /dev/urandom r
# .. but we can't specify DeviceAllow multiple times. 'closed' # .. but we can't specify DeviceAllow multiple times. 'closed'
# is close enough. # is close enough.
RuntimeDirectory = "tor";
StateDirectory = [ "tor" "tor/onion" ];
PrivateTmp = "yes"; PrivateTmp = "yes";
DevicePolicy = "closed"; DevicePolicy = "closed";
InaccessibleDirectories = "/home"; InaccessibleDirectories = "/home";